Content distribution with digital right management (DRM) is available using multicast and broadcast content distribution. Each client or receiver in a subscription-based content distribution system receives the same protected content. DRM systems reduce the unauthorized access to content so as to prevent clients that have not subscribed to the content from illegally obtaining it.
Typically, a measure to protect content in the prior art is to use common keys which are known by all clients to encrypt content in a server (sender) distributing the content, so that each client will normally use the received content after decrypting the received content with the common keys. Then, a problem arises: since the content is directed to all authorized clients, a malicious attack and the like on any authorized client will cause exposure of the common keys of all authorized clients, and then an illegal client will be easy to obtain the content which the server distributes to a plurality of authorized clients by using the exposed common key with ease.
To eliminate the above problem caused by common keys, other systems use a public key exchange solution. In this solution, a server generates and stores a key that is unique to each client in accordance with public keys provided by the clients respectively. When sending some content, the server encrypts the content with the key unique to a client that will receive the content. Only with the corresponding key, can the client decrypt the content for use upon receipt of the content. In such a case, even if other clients have received the content, they still cannot decrypt the content for lack of the corresponding private key. In a content sending/receiving system based on this solution, even if a key that is unique to a authorized client is exposed due to a malicious attack on the client, contents that have been sent to other clients are prevented from authorized use, as only the content of the attacked client can be decrypted with the exposed private key. However, a serious problem caused by this solution is that even if there is a plurality of clients receiving the same content, the server respectively encrypts the same content with each client's specific key and sends the same content in order. This greatly increases the burden on the system's processing time and storage resources.
To reduce the burden on system resources, U.S. Pat. No. 6,636,968 describes another solution. In this solution, a server creates a uniform session key using public keys sent by all authorized clients and the server's own key, to perform uniform encryption of content. At the same time, the server creates group key and partial keys for decryption and sends these keys out. Only when a client that has received the encrypted content combines the group key, the partial key and its specific private key to create a decryption key for decrypting the content, can the client decrypt the received content. By using such a solution that the uniform session key is combined with the private key, an authorized client is prevented from obtaining content distributed to other clients after a malicious attack on a certain authorized client, and the content only needs to be encrypted once in case that a plurality of clients share the same content. However, the multiple keys (public keys at clients, public pair keys and partial keys) exchange in this solution will increase the network's transmission amount, compound the content distributing solution and raise the implementation costs.
According what is needed is a method and system to over come the problems encountered in the prior art and to reduce the amount of network transmission required.